I am successfully run()
ning commands on remote server with my private key pair.
However, I'd like to do git clone ssh://private/repo
on remote server using my local key (or using local ssh agent I'm in).
How to do it using fabric?
Agent forwarding comes with a risk When you forward ssh-agent 's Unix domain socket to a remote host, it creates a security risk: anyone with root access on the remote host can discreetly access your local SSH agent through the socket. They can use your keys to impersonate you on other machines on the network.
agent forwarding is a mechanism whereby an SSH client allows an SSH server to use the local agent on the server, the user logs into, as if it was local there. We say that the private key is forwarded to the server1 in order to connect from server1 to server2 .
Security risks of using SSH agent When you run an SSH agent, it is risky to leave your terminal unattended because anyone with physical access to your terminal can invoke the SSH command and authenticate with the SSH server. However, the more critical security risk is associated with SSH agent forwarding.
SSH agent forwarding can be used to make deploying to a server simple. It allows you to use your local SSH keys instead of leaving keys (without passphrases!) sitting on your server. If you've already set up an SSH key to interact with GitHub, you're probably familiar with ssh-agent .
Since version 1.4 fabric
has environment option that enables agent forwarding.
env.forward_agent = True
UPD: This feature was buggy before fabric
1.4.2
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With